Need help; win32.hidden.rtk problem

vince76
Hello everyone,
I need your help, please. Spybot detects win32.hidden.rtk on my machine but cannot remove it.

So the question is: what should I do?
For the record, I'm not a computer expert, but I'm open to any advice...
Thanks in advance.
Configuration: Windows Vista/acer8930
Firefox 3.1

9 replies

  1. gen-hackman
     
    ===================FOR VISTA USERS=========================
    =>< Disable "User Account Control = UAC"
    (you will re-enable it after your disinfection): Don't forget!!
    Disabling UAC is necessary to get certain programs to run under Vista.
    - Go to Start, then Control Panel
    - Double-click the "User Accounts" icon
    - Then click Disable and confirm.

    ==>NOTE:
    =><Before using any software, make sure that registry protections such as Spybot's TeaTimer are disabled (especially when using HijackThis)
    Spybot => advanced mode => tools => resident
    Uncheck the resident "TeaTimer" box

    Close Spybot.

    Download HijackThis:

    here HijackThis
    or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
    or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html

    -> save the target to ... "the desktop"

    -> Double-click "HJTInstall.exe" to start the installation

    -> Click Install, then "I Accept"

    -> Click "Do a scan system and save log file"

    -> Notepad will open; copy and paste all of its contents here in your next reply

    0
  2. vince76
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:23:36, on 15/12/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Users\vincent\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files\WinTV\EPG Services\System\EPGClient.exe
    C:\Program Files\Cyberlink\PowerCinema\PCMService.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Creative\Software Update 3\SoftAuto.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    C:\Program Files\Acer\Acer VCM\acp2HID.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [USBToolTip] "D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [LaunchList] D:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
    O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Global Startup: Acer VCM.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{658C2A15-A19E-42A7-84DA-E0BC08F2EE78}: NameServer = 80.10.246.130 80.10.246.3
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
    0
  3. gen-hackman
     
    Download Toolbar-S&D (Team IDN) to your Desktop.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Start the program's installation by running the downloaded file.
    * Now double-click the Toolbar-S&D shortcut.
    * Select the desired language by typing the letter of your choice and confirming with the Enter key.
    * Now choose option 1 (Search). Wait until the search finishes.
    * Post the generated report. (C:\TB.txt)
    0
    1. vince76
       
      -----------\\ ToolBar S&D 1.2.6 XP/Vista

      Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
      X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz )
      BIOS : InsydeH2O Version V1.04
      USER : vincent ( Administrator )
      BOOT : Normal boot
      C:\ (Local Disk) - NTFS - Total:144 Go (Free:4 Go)
      D:\ (Local Disk) - NTFS - Total:140 Go (Free:38 Go)
      E:\ (CD or DVD)
      F:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
      Option : [1] ( 15/12/2008|10:52 )

      [ UAC => 0 ]

      -----------\\ Recherche de Fichiers / Dossiers ...


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\Windows\\system32\\blank.htm"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Start Page"="https://www.orange.fr/portail"
      "Url"="https://www.msn.com/fr-fr/actualite/"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="https://fr.yahoo.com/"
      "Default_Page_URL"="https://fr.yahoo.com/"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


      --------------------\\ Recherche d'autres infections

      --------------------\\ Cracks & Keygens ..

      C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!
      C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Ah ! si j'avais.mp3
      C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Alone (avec Kent).mp3
      C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Comme dit Verlaine.mp3
      C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Crac !.mp3
      C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Gudulle.mp3
      C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Jean-parle.mp3
      C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - L'échappé(e).mp3
      C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - La boîte à joujoux.mp3
      C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Les amants.mp3
      C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Les tit'gueules.mp3
      C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Mes amis.mp3
      C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Photo de classe.mp3
      C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Plaie mobile.mp3
      C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Trois fois rien (avec Kent).mp3
      C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Un jour Prévert, une nuit Baudelaire.mp3


      [ UAC => 1 ]


      1 - "C:\ToolBar SD\TB_1.txt" - 15/12/2008|10:53 - Option : [1]

      -----------\\ Fin du rapport a 10:53:31,56
      0
  4. gen-hackman
     
    Run HijackThis again, check these lines and click "Fix checked":

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
    O4 - Global Startup: Acer VCM.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?

    ---> Download OTMoveIt3 (OldTimer) to your Desktop:
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    ---> Double-click OTMoveIt3.exe to launch it.

    ---> Copy (Ctrl+C) the following text below:

    :processes
    explorer.exe

    :Reg
    [-HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{32099AAC-C132-4136-9E9A-4E364A424E17}"=-

    :files
    c:\Program files\daemon tools toolbar\dttoolbar.dll

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

    ---> Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.

    ---> Now click the MoveIt! button, then close OTMoveIt3.

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    ---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_time.log

    source Chiquitine29.....................;-)

    followed by another HijackThis log afterwards
    0
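
The manual log triage in the post above (picking out `(no file)`, `(file missing)` and unresolved `= ?` entries), as an added Python example that is not part of the thread. `SAMPLE_LOG` is an excerpt of lines from the log posted earlier, the function names are hypothetical, and the Temp-directory process check is an extra not made in the post; the script flags every entry of these kinds, more than the helper selected, so its output is a list to review, not a list to delete.

```python
import re

# Excerpt assembled from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
C:\Users\vincent\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - Global Startup: Acer VCM.lnk = ?
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
"""

# "R0 - ...", "O2 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first coded entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return (section, reason, identifier) tuples worth a manual look."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        if TEMP_RE.search(path):
            findings.append(("PROC", "runs from a Temp directory", path))
    for code, body in entries:
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            reason = "registered component has no file on disk"
        elif code == "O4" and body.endswith("= ?"):
            reason = "startup shortcut target could not be resolved"
        else:
            continue
        clsid = CLSID_RE.search(body)
        # Prefer the CLSID as the identifier: it is what a registry fix targets.
        findings.append((code, reason, clsid.group(0) if clsid else body))
    return findings


if __name__ == "__main__":
    for section, reason, ident in triage(SAMPLE_LOG):
        print(f"{section:5} {reason}: {ident}")
```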
  6. vince76
     
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== REGISTRY ==========
    Registry key HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar not found.
    ========== FILES ==========
    File/Folder c:\Program files\daemon tools toolbar\dttoolbar.dll not found.
    ========== COMMANDS ==========
    File delete failed. C:\Users\vincent\AppData\Local\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    File delete failed. C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12152008_112401

    Files moved on Reboot...
    C:\Users\vincent\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
    C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\urlclassifier3.sqlite moved successfully.
    C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\XUL.mfl moved successfully.
    0
  7. vince76
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:23:36, on 15/12/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Users\vincent\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files\WinTV\EPG Services\System\EPGClient.exe
    C:\Program Files\Cyberlink\PowerCinema\PCMService.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Creative\Software Update 3\SoftAuto.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    C:\Program Files\Acer\Acer VCM\acp2HID.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [USBToolTip] "D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [LaunchList] D:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
    O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Global Startup: Acer VCM.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{658C2A15-A19E-42A7-84DA-E0BC08F2EE78}: NameServer = 80.10.246.130 80.10.246.3
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
    0
  8. gen-hackman
     
    ComboFix:

    Download ComboFix (by sUBs) here:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    and save it to the desktop.

    Disconnect from the internet and close all your applications.

    Disable your protections (antivirus, firewall, the antispyware's real-time guard).


    Registry::
    [-HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{32099AAC-C132-4136-9E9A-4E364A424E17}"=-

    file::
    c:\program files\daemon tools toolbar\dttoolbar.dll


    * Copy the selected text (CTRL+C).
    * Open Notepad (Programs > Accessories > Notepad).
    * Make sure Word Wrap is not checked in the Format menu.
    * Paste the copied text into Notepad (CTRL+V).
    * Save this file under the name CFScript.txt
    * Drag and drop this CFScript file onto the ComboFix.exe file, like this:
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    * Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
    * Once the scan is complete, a report will be displayed: post its contents.
    * If the file does not open, it can be found here > C:\ComboFix.txt
    0
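An added example, not part of either poster's messages: a read-only check that cross-references the CLSIDs named in the CFScript above against the HijackThis entries, so a reviewer can confirm the script only touches entries whose file HijackThis reported as absent. The function and field names are hypothetical; the sample lines are copied from the log and script in this thread.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
"""

# The CFScript from the post above, copied as posted.
SAMPLE_CFSCRIPT = r"""
Registry::
[-HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-

file::
c:\program files\daemon tools toolbar\dttoolbar.dll
"""

# "Onn - Kind: Name - {CLSID} - target" (O2, O3, O9, O18 use this layout).
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_SUFFIX = "(file missing)"


def parse_entries(log_text):
    """Return one dict per CLSID-bearing HijackThis line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        section, kind, name, clsid, target = match.groups()
        if target == "(no file)":
            status, path = "no file", None
        elif target.endswith(MISSING_SUFFIX):
            status, path = "file missing", target[: -len(MISSING_SUFFIX)].strip()
        else:
            status, path = "present", target
        entries.append({
            "section": section, "kind": kind, "name": name,
            "clsid": clsid.upper(), "status": status, "path": path,
        })
    return entries


def orphaned(entries):
    """Entries whose backing file HijackThis reported as absent."""
    return [e for e in entries if e["status"] != "present"]


def script_coverage(entries, cfscript_text):
    """Compare the CLSIDs a removal script names with what the log reported."""
    targeted = {c.upper() for c in CLSID_RE.findall(cfscript_text)}
    known = {e["clsid"] for e in entries}
    orphans = orphaned(entries)
    return {
        # Absent-file entries the script removes.
        "targeted_orphans": sorted({e["clsid"] for e in orphans if e["clsid"] in targeted}),
        # Absent-file entries the script leaves in place.
        "untouched_orphans": sorted({e["clsid"] for e in orphans if e["clsid"] not in targeted}),
        # Entries with a file on disk that the script would still delete: review these.
        "targeted_present": sorted({e["clsid"] for e in entries
                                    if e["status"] == "present" and e["clsid"] in targeted}),
        # CLSIDs in the script that never appear in the log: possible typo.
        "targeted_unknown": sorted(targeted - known),
    }


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for entry in orphaned(parsed):
        print(entry["section"], entry["kind"], entry["clsid"], entry["status"])
    for label, clsids in script_coverage(parsed, SAMPLE_CFSCRIPT).items():
        print(label, clsids)
```

On these sample lines the script's single CLSID maps to the DAEMON Tools Toolbar entry marked "(file missing)", while the two "(no file)" BHOs and the sacore protocol handler are reported as left untouched.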
  9. vince76
     
    ComboFix 08-12-14.04 - vincent 2008-12-15 12:28:19.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3068.1539 [GMT 4:00]
    Lancé depuis: C:\Users\vincent\Desktop\ComboFix.exe
    Commutateurs utilisés :: C:\Users\vincent\Desktop\CFScript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\program files\daemon tools toolbar\dttoolbar.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Acer\Acer Bio Protection\PwdFilter.dll
    C:\ProgramData\vlc-0.9.6-win32.exe
    C:\Windows\system32\FTPx.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-15 au 2008-12-15 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-15 12:09 . 2008-12-15 12:10 <REP> d-------- C:\Program Files\The Cleaner Demo
    2008-12-15 11:42 . 2008-12-15 11:43 114,168 --a------ C:\Windows\System32\GDIPFONTCACHEV1.DAT
    2008-12-15 11:24 . 2008-12-15 11:24 <REP> d-------- C:\_OTMoveIt
    2008-12-15 10:51 . 2008-12-15 10:53 <REP> d-------- C:\ToolBar SD
    2008-12-15 10:23 . 2008-12-15 10:23 <REP> d-------- C:\Program Files\Trend Micro
    2008-12-15 10:19 . 2008-12-15 10:19 56 --ah----- C:\Windows\System32\ezsidmv.dat
    2008-12-12 08:19 . 2008-10-22 05:22 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-12-12 07:45 . 2008-12-12 10:34 335,780,933 --a------ C:\Windows\MEMORY.DMP
    2008-12-11 23:11 . 2008-10-16 06:23 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-12-11 23:11 . 2008-10-16 08:47 827,392 --a------ C:\Windows\System32\wininet.dll
    2008-12-11 23:10 . 2008-10-21 09:25 296,960 --a------ C:\Windows\System32\gdi32.dll
    2008-12-11 23:07 . 2008-11-01 05:21 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-12-11 23:07 . 2008-11-01 07:44 28,672 --a------ C:\Windows\System32\Apphlpdm.dll
    2008-12-11 23:06 . 2008-10-29 10:29 2,927,104 --a------ C:\Windows\explorer.exe
    2008-12-11 22:55 . 2008-06-23 05:59 2,868,736 --a------ C:\Windows\System32\mf.dll
    2008-12-11 22:55 . 2008-06-23 05:59 996,352 --a------ C:\Windows\System32\WMNetMgr.dll
    2008-12-11 22:55 . 2008-06-23 05:58 94,720 --a------ C:\Windows\System32\logagent.exe
    2008-12-10 12:16 . 2008-12-10 12:16 <REP> d--h-c--- C:\Users\All Users\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
    2008-12-10 12:16 . 2008-12-10 12:16 <REP> d--h-c--- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
    2008-12-10 11:39 . 2008-12-10 11:39 <REP> d-------- C:\Program Files\Electronic Arts
    2008-12-10 11:39 . 2008-12-10 11:39 792 --a------ C:\Windows\System32\ealregsnapshot1.reg
    2008-12-09 20:46 . 2008-12-09 20:46 <REP> d-------- C:\Users\vincent\AppData\Roaming\Sports Interactive
    2008-12-09 20:46 . 2008-12-09 20:46 <REP> d-------- C:\Users\All Users\Sports Interactive
    2008-12-09 20:46 . 2008-12-09 20:46 <REP> d-------- C:\ProgramData\Sports Interactive
    2008-12-09 19:51 . 2008-12-09 19:56 <REP> d-------- C:\Program Files\Common Files\Steam
    2008-12-09 19:50 . 2008-12-09 19:51 <REP> d--h----- C:\Program Files\Zero G Registry
    2008-12-09 19:50 . 2008-12-09 19:50 <REP> d-------- C:\Program Files\Sports Interactive
    2008-12-09 19:49 . 2008-12-09 19:49 <REP> d--h----- C:\Users\vincent\InstallAnywhere
    2008-12-09 14:07 . 2008-12-15 10:56 <REP> d-------- C:\Program Files\Mozilla Firefox 3.1 Beta 2
    2008-12-09 08:25 . 2008-12-09 08:25 <REP> d-------- C:\Users\All Users\Intel
    2008-12-09 08:25 . 2008-12-09 08:25 <REP> d-------- C:\ProgramData\Intel
    2008-12-09 08:25 . 2008-12-09 08:25 <REP> d-------- C:\Program Files\Common Files\Intel
    2008-12-09 08:25 . 2008-12-09 08:25 <REP> d-------- C:\Program Files\Cisco
    2008-12-09 08:20 . 2008-09-12 16:32 327,192 --a------ C:\Windows\System32\drivers\iaStor.sys
    2008-12-09 08:11 . 2008-12-09 08:11 <REP> d-------- C:\Program Files\SystemRequirementsLab
    2008-12-09 08:10 . 2008-12-09 08:11 <REP> d-------- C:\Users\vincent\AppData\Roaming\SystemRequirementsLab
    2008-12-09 07:49 . 2008-12-09 07:50 <REP> d-------- C:\Users\All Users\ma-config.com
    2008-12-09 07:49 . 2008-12-09 07:50 <REP> d-------- C:\ProgramData\ma-config.com
    2008-12-09 07:49 . 2008-12-09 07:50 <REP> d-------- C:\Program Files\ma-config.com
    2008-12-08 11:40 . 2008-12-08 11:40 134,832 --ah----- C:\Windows\System32\mlfcache.dat
    2008-12-05 23:11 . 2008-12-05 23:11 <REP> d-------- C:\Users\All Users\Diskeeper Corporation
    2008-12-05 23:11 . 2008-12-05 23:11 <REP> d-------- C:\ProgramData\Diskeeper Corporation
    2008-12-05 23:11 . 2008-12-05 23:11 <REP> d-------- C:\Program Files\Diskeeper Corporation
    2008-12-05 23:11 . 2008-12-05 23:11 <REP> d-------- C:\Program Files\Common Files\Diskeeper Corporation
    2008-12-05 23:07 . 2008-12-05 23:10 <REP> d-------- C:\Users\All Users\Lavasoft
    2008-12-05 23:07 . 2008-12-05 23:10 <REP> d-------- C:\ProgramData\Lavasoft
    2008-12-05 23:07 . 2008-12-05 23:07 <REP> d-------- C:\Program Files\Lavasoft
    2008-12-05 23:05 . 2008-12-05 23:05 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-12-05 22:58 . 2008-12-06 11:00 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-12-05 22:58 . 2008-12-06 11:00 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-12-05 22:58 . 2008-12-06 10:59 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-12-05 22:56 . 2008-12-05 22:56 <REP> d-------- C:\Program Files\ToniArts
    2008-12-03 16:08 . 2008-12-03 16:08 <REP> d-------- C:\Users\All Users\Avira
    2008-12-03 16:08 . 2008-12-03 16:08 <REP> d-------- C:\ProgramData\Avira
    2008-12-03 16:08 . 2008-12-03 16:08 <REP> d-------- C:\Program Files\Avira
    2008-12-03 02:00 . 2008-12-15 09:59 <REP> d-------- C:\Users\vincent\AppData\Roaming\skypePM
    2008-12-03 01:58 . 2008-12-15 12:18 <REP> d-------- C:\Users\vincent\AppData\Roaming\Skype
    2008-12-03 01:57 . 2008-12-03 01:57 <REP> d-------- C:\Users\All Users\Skype
    2008-12-03 01:57 . 2008-12-03 01:57 <REP> d-------- C:\ProgramData\Skype
    2008-12-03 01:57 . 2008-12-03 01:57 <REP> d-------- C:\Program Files\Skype
    2008-12-03 01:57 . 2008-12-03 01:57 <REP> d-------- C:\Program Files\Common Files\Skype
    2008-12-01 18:23 . 2008-10-17 01:13 1,809,944 --a------ C:\Windows\System32\wuaueng.dll
    2008-12-01 18:23 . 2008-10-17 00:56 1,524,736 --a------ C:\Windows\System32\wucltux.dll
    2008-12-01 18:23 . 2008-10-17 01:09 51,224 --a------ C:\Windows\System32\wuauclt.exe
    2008-12-01 18:23 . 2008-10-17 01:09 43,544 --a------ C:\Windows\System32\wups2.dll
    2008-12-01 18:22 . 2008-10-17 01:12 561,688 --a------ C:\Windows\System32\wuapi.dll
    2008-12-01 18:22 . 2008-10-16 17:08 162,064 --a------ C:\Windows\System32\wuwebv.dll
    2008-12-01 18:22 . 2008-10-17 00:55 83,456 --a------ C:\Windows\System32\wudriver.dll
    2008-12-01 18:22 . 2008-10-17 01:08 34,328 --a------ C:\Windows\System32\wups.dll
    2008-12-01 18:22 . 2008-10-16 16:56 31,232 --a------ C:\Windows\System32\wuapp.exe
    2008-12-01 15:03 . 2008-12-01 15:03 168 --a------ C:\Windows\adidsl.ini
    2008-12-01 15:03 . 2008-12-01 15:03 21 --a------ C:\Windows\Fast800.ini
    2008-12-01 15:01 . 2008-12-01 15:01 <REP> d-------- C:\Program Files\SAGEM
    2008-12-01 15:01 . 2004-01-07 11:29 261,964 --a------ C:\Windows\System32\drivers\rtbldep3.bnm
    2008-11-30 21:07 . 2008-11-30 21:07 <REP> dr------- C:\Windows\System32\config\systemprofile\Videos
    2008-11-30 21:07 . 2008-11-30 21:07 <REP> dr------- C:\Windows\System32\config\systemprofile\Searches
    2008-11-30 21:07 . 2008-11-30 21:07 <REP> dr------- C:\Windows\System32\config\systemprofile\Saved Games
    2008-11-30 21:07 . 2008-11-30 21:07 <REP> dr------- C:\Windows\System32\config\systemprofile\Pictures
    2008-11-30 21:07 . 2008-11-30 21:07 <REP> dr------- C:\Windows\System32\config\systemprofile\Links
    2008-11-30 21:07 . 2008-11-30 21:07 <REP> dr------- C:\Windows\System32\config\systemprofile\Downloads
    2008-11-30 21:07 . 2008-11-30 21:07 <REP> dr------- C:\Windows\System32\config\systemprofile\Documents
    2008-11-30 15:36 . 2008-11-30 15:36 <REP> d-------- C:\Program Files\Pinnacle
    2008-11-30 15:35 . 2002-07-26 20:02 153,088 --a------ C:\Program Files\UNWISE.EXE
    2008-11-30 15:33 . 2008-11-30 15:33 <REP> d-------- C:\Program Files\SureThing Express Labeler
    2008-11-30 15:33 . 2008-11-30 15:33 <REP> d-------- C:\Program Files\Common Files\SureThing Shared
    2008-11-30 15:31 . 2008-11-30 15:31 <REP> d-------- C:\Program Files\proDAD
    2008-11-29 16:14 . 2005-02-03 12:51 225,280 --a------ C:\Windows\OptChecker.exe
    2008-11-29 16:14 . 2005-02-03 12:51 159,744 --a------ C:\Windows\OptRemove.exe
    2008-11-29 16:12 . 2008-11-29 16:12 <REP> d-------- C:\Securitoo
    2008-11-29 12:19 . 2008-11-29 12:19 <REP> d-------- C:\Program Files\Steinberg
    2008-11-29 12:19 . 2008-11-29 12:19 <REP> d-------- C:\Program Files\Common Files\digidesign
    2008-11-27 19:51 . 2008-12-01 15:03 989 --a------ C:\Windows\adiras.ini
    2008-11-27 19:16 . 2008-10-21 09:25 1,645,568 --a------ C:\Windows\System32\connect.dll
    2008-11-27 19:16 . 2008-08-28 07:40 712,704 --a------ C:\Windows\System32\WindowsCodecs.dll
    2008-11-27 19:16 . 2008-08-28 07:40 425,472 --a------ C:\Windows\System32\PhotoMetadataHandler.dll
    2008-11-27 19:16 . 2008-08-28 07:40 347,136 --a------ C:\Windows\System32\WindowsCodecsExt.dll
    2008-11-27 19:16 . 2008-10-22 07:57 241,152 --a------ C:\Windows\System32\PortableDeviceApi.dll
    2008-11-26 20:16 . 2008-11-26 20:16 <REP> d-------- C:\Crack NoCd Overclocked
    2008-11-26 16:48 . 2008-11-26 16:48 <REP> d-------- C:\Program Files\Wanadoo
    2008-11-26 16:48 . 2008-11-26 16:48 109 --a------ C:\Windows\Kit.ini
    2008-11-25 14:15 . 2008-11-25 14:15 <REP> d-------- C:\MyVideos
    2008-11-20 19:09 . 2008-11-20 19:09 279,712 --a------ C:\Windows\System32\drivers\atksgt.sys
    2008-11-20 19:09 . 2008-11-20 19:09 25,888 --a------ C:\Windows\System32\drivers\lirsgt.sys
    2008-11-20 19:07 . 2005-05-26 18:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
    2008-11-20 18:14 . 2007-07-19 21:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
    2008-11-20 18:14 . 2007-05-16 19:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
    2008-11-20 18:14 . 2007-07-19 21:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
    2008-11-20 18:14 . 2007-05-16 19:45 1,124,720 --a------ C:\Windows\System32\D3DCompiler_34.dll
    2008-11-20 18:14 . 2008-11-20 18:14 669,184 --a------ C:\Windows\System32\pbsvc.exe
    2008-11-20 18:14 . 2007-07-19 21:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
    2008-11-20 18:14 . 2007-05-16 19:45 443,752 --a------ C:\Windows\System32\d3dx10_34.dll
    2008-11-20 18:14 . 2007-04-04 21:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
    2008-11-19 15:14 . 2008-11-10 08:43 410,984 --a------ C:\Windows\System32\deploytk.dll
    2008-11-19 14:34 . 2008-09-10 07:40 1,334,272 --a------ C:\Windows\System32\msxml6.dll
    2008-11-19 14:34 . 2008-09-05 09:14 1,191,936 --a------ C:\Windows\System32\msxml3.dll
    2008-11-19 14:34 . 2008-08-27 05:05 212,480 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
    2008-11-18 18:44 . 2008-11-25 18:21 <REP> dr------- C:\Users\Public\Videos
    2008-11-18 18:44 . 2008-11-20 16:07 <REP> dr------- C:\Users\Public\Pictures
    2008-11-18 18:44 . 2008-11-25 18:21 <REP> dr------- C:\Users\Public\Music
    2008-11-15 15:06 . 2008-12-15 11:43 <REP> dr------- C:\Users\Public\Recorded TV

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-15 06:18 28,029 ----a-w C:\Users\All Users\nvModes.dat
    2008-12-15 06:18 28,029 ----a-w C:\ProgramData\nvModes.dat
    2008-12-12 06:34 --------- d-----w C:\Program Files\Windows Mail
    2008-12-12 04:25 --------- d-----w C:\ProgramData\Microsoft Help
    2008-12-10 08:17 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
    2008-12-09 16:09 --------- d-----w C:\ProgramData\Media Center Programs
    2008-12-05 18:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-12-03 18:19 --------- d-----w C:\Program Files\Java
    2008-12-01 11:03 32 ----a-w C:\Windows\system32\drivers\adidsl.cfg
    2008-12-01 10:14 --------- d-----w C:\Users\vincent\AppData\Roaming\U3
    2008-11-30 17:30 --------- d-----w C:\Program Files\Microsoft Games
    2008-11-30 10:16 --------- d-----w C:\Program Files\Windows Live
    2008-11-30 10:14 --------- d-s---w C:\ProgramData\WD
    2008-11-29 08:19 --------- d-----w C:\Program Files\BIAS
    2008-11-27 15:48 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-11-20 14:15 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-11-20 14:15 22,328 ----a-w C:\Users\vincent\AppData\Roaming\PnkBstrK.sys
    2008-11-20 14:15 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-11-20 14:14 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-11-20 11:48 --------- d-----w C:\ProgramData\eMule
    2008-11-15 12:23 --------- d-----w C:\Users\vincent\AppData\Roaming\dvdcss
    2008-11-13 16:36 --------- d-----w C:\Program Files\Google
    2008-11-13 16:36 --------- d-----w C:\Program Files\Brother
    2008-11-11 10:38 --------- d-----w C:\Program Files\Yahoo!
    2008-11-10 07:48 --------- d-----w C:\Program Files\Nuance
    2008-11-10 07:46 --------- d-----w C:\ProgramData\Brother
    2008-11-10 07:46 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-11-01 03:44 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-10-29 06:53 --------- d-----w C:\ProgramData\WLInstaller
    2008-10-26 22:18 --------- d-----w C:\Program Files\Picasa2
    2008-10-26 21:13 --------- d-s---w C:\ProgramData\Memeo
    2008-10-26 21:06 --------- d-----w C:\ProgramData\InstallShield
    2008-10-26 21:06 --------- d-----w C:\ProgramData\eSellerate
    2008-10-26 21:06 --------- d-----w C:\Program Files\Memeo
    2008-10-26 17:53 --------- d-----w C:\Users\vincent\AppData\Roaming\proDAD
    2008-10-23 19:24 --------- d-----w C:\Users\vincent\AppData\Roaming\Creative
    2008-10-23 18:52 --------- d-----w C:\Program Files\Creative
    2008-10-23 18:51 --------- d-----w C:\ProgramData\Creative
    2008-10-23 18:51 --------- d-----w C:\Program Files\Audible
    2008-10-23 18:50 --------- d--h--w C:\ProgramData\{549E12A2-AFC9-415A-8917-B8D197926D0C}
    2008-10-23 18:49 --------- d--h--w C:\ProgramData\{B953802D-D7B1-4AC2-AF3C-79E4D168CF1F}
    2008-10-23 18:44 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-10-21 06:14 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-10-19 09:59 --------- d-----w C:\ProgramData\Pinnacle Studio
    2008-10-19 09:58 --------- d-----w C:\ProgramData\Pinnacle
    2008-10-18 21:59 --------- d-----w C:\Users\vincent\AppData\Roaming\Leadertech
    2008-10-09 19:45 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
    2008-10-09 19:45 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
    2008-10-04 19:40 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-10-02 10:12 774,144 ----a-w C:\Windows\System32\wlihvui.dll
    2008-10-02 10:07 987,136 ----a-w C:\Windows\System32\iwmssvc.dll
    2008-09-30 15:43 1,286,152 ----a-w C:\Windows\System32\msxml4.dll
    2008-09-18 05:09 3,601,464 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-09-18 04:56 147,456 ----a-w C:\Windows\System32\Faultrep.dll
    2008-09-18 04:56 125,952 ----a-w C:\Windows\System32\wersvc.dll
    2008-09-18 02:16 2,032,640 ----a-w C:\Windows\System32\win32k.sys
    2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
    2008-10-25 10:04 135,680 ----a-w C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2008-09-06 12:51 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-09-06 12:51 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-09-06 12:51 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-03-05 02:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 06:23 1233920]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 06:25 125952]
    "LaunchList"="D:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 17:41 145496]
    "SoftAuto.exe"="C:\Program Files\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 06:39 401408]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 20:34 213936]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-11-18 19:31 21633320]
    "Steam"="D:\Program Files\Steam\Steam.exe" [2008-12-09 19:52 1410296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 17:01 182808]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 13:26 1037608]
    "ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 13:22 409600]
    "eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 02:38 526896]
    "eAudio"="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 06:36 544768]
    "BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 01:42 34040]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-06-28 05:45 13543968]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-06-28 05:45 92704]
    "ZPdtWzdVitaKey MC3000"="C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-07-29 21:34 3719680]
    "PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 12:56 200704]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-06-16 13:58 809480]
    "ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-13 00:10 147456]
    "CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-13 00:11 167936]
    "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 19:28 167936]
    "WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 11:03 303104]
    "EPGServiceTool"="C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe" [2008-04-17 20:20 688128]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2007-08-11 01:04 151552]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 09:00 33648]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-25 14:04 1838592]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 04:04 39792]
    "USBToolTip"="D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-10-16 16:50 202312]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 16:28 266497]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-11-10 08:43 136600]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 12:19 6139904 C:\Windows\RtHDVCpl.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 05:23 443968]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2008-07-29 21:57:13 1216512]
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 20:50:32 723760]
    DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-12-01 15:02:02 1214032]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "FilterAdministratorToken"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
    2008-07-29 21:34 3162624 C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.i420"= vdrcodec.dll
    "VIDC.MJPG"= Pvmjpg30.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{68C187EE-4A20-44E8-A550-26DE193D4ACD}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
    "{B6E5144E-A35A-47D4-9351-5D1518326EAC}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
    "{FB95C4B3-478C-4028-9B06-40ED0629356D}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
    "{AB9725C8-1EE6-4407-80F5-AABEBE27272F}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{00C88B8B-BA66-46A6-A171-7AFEE52DBEF0}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{E87C3E3F-9E50-4378-8B2A-911C50ACBA85}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{2919572F-C35F-46EC-A0A8-B90A05300DFC}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{01FE26FB-62CE-4612-A3BE-9FD62D21A795}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{681C8A7D-605E-434F-8AE0-34900DF662A3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{7CA0AD01-7EE0-4733-A4DF-3B3658EC2549}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{E59C0E0F-4858-43D3-A7E2-269F5D94E260}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{2899EA9A-BEF2-4433-8219-52A67021932C}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
    "{BD7CADB7-C6E7-4FAD-B090-4BF6471BA9EC}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
    "{851D172A-EA9B-412E-9E0B-28374EBDBECF}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
    "{D96E9C10-0D27-4D03-B640-42F13627DC6C}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM
    "{17436CDD-F01E-4787-A842-9606E4668536}"= C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:CyberLink PowerCinema
    "{3632CFC8-18DD-4806-8983-1AA596AFF61A}"= C:\Program Files\CyberLink\PowerCinema\PCMService.exe:CyberLink PowerCinema Resident Program
    "{9DF4B097-5B8C-4D8F-8A64-335314A8FEC9}"= C:\Program Files\CyberLink\PowerCinema\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{4D5EC159-9009-4A0F-823B-09F8413985F2}"= C:\Program Files\CyberLink\PowerCinema\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{38382F66-91E5-483E-A88B-F1167B13A671}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{5175A554-6C36-4EE2-880B-392D221B0DD1}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{DFF49DC1-5FA2-4874-8BA5-9A77B1D11DC2}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{4E90BEF6-CAEA-43B7-89A5-69F2676B9488}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{144597E9-9F78-406B-A297-43E8776ADBF3}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
    "{A9290816-5188-4A33-A136-90ABF425D8D5}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
    "{7117DB80-36E8-4821-B169-54FC04A2E601}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{857D521B-1E63-4B76-A194-A7368C4B015D}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{AF49F125-FD24-47AA-BA5D-C7D3F8A5E08A}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{F45257AD-5DD9-4617-AAC6-E68652874FA1}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{63A6B432-F58D-489E-B43C-B956D1B66C5B}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{F92F0AA0-9CC2-4645-9DBA-DDBBD822744F}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{311B57DF-BD87-4BE0-A4BD-6593EF281726}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{37EE5946-854D-40BF-8492-1901A412445F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{D5605787-EB49-4E56-A248-88CB710AEAF4}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{78AE170B-5E45-4A74-BBF0-A04CD503429F}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{62F39C8D-A97B-4A67-8388-9F21622A670D}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
    "{E94516C4-1F6C-42D7-94FA-9F9455A1D832}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
    "{1BA9CBEE-448C-4F31-A26C-1643CCB74C7E}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
    "{57780D14-E669-4324-9B3E-260CE698225A}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
    "TCP Query User{4D685217-1FAE-4888-8BA6-CAF029E712B7}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{B1403E8A-071C-48D4-8E0F-E9F01275A7C6}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "{666AD78D-39BC-4941-A268-5161BCF8914C}"= UDP:D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
    "{E657E954-BF01-4765-BDF2-9B2A2729BD7C}"= TCP:D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
    "{45780548-254D-46D0-9A06-307E99F25DB5}"= UDP:D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
    "{79640360-4671-42F1-9873-5AD308486241}"= TCP:D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
    "TCP Query User{9EF2F61C-9929-49D6-98FE-AFCBEA221D68}D:\\enemy territory\\setup\\data\\etqw.exe"= UDP:D:\enemy territory\setup\data\etqw.exe:Enemy Territory: QUAKE Wars
    "UDP Query User{B916D3BD-7240-4888-9832-EC1B7B2DA3D8}D:\\enemy territory\\setup\\data\\etqw.exe"= TCP:D:\enemy territory\setup\data\etqw.exe:Enemy Territory: QUAKE Wars
    "{10C529C0-44E4-4592-9829-D34BBC2D4E78}"= UDP:D:\Program Files\Codemasters\GRID\GRID.exe:GRID
    "{D91426F8-B20C-4555-813E-DFA5CA6AB5FC}"= TCP:D:\Program Files\Codemasters\GRID\GRID.exe:GRID
    "{4B45046F-CFD9-4E65-8995-8C0DD0A23EBE}"= UDP:C:\Program Files\SEGA\Beijing 2008\Beijing.exe:Beijing 2008™
    "{1CAB1469-27F4-4408-86D1-6333E65E3C94}"= TCP:C:\Program Files\SEGA\Beijing 2008\Beijing.exe:Beijing 2008™
    "{6E753807-D6ED-4E50-A14D-AC6EA5636788}"= UDP:D:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
    "{5C14ECCF-A247-4DD0-BF99-8E53F70606FD}"= TCP:D:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
    "{4034349A-70F7-4019-89D0-FB6540E45BD0}"= UDP:D:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
    "{96A3D2CF-7894-4555-AC29-5F83F5006E99}"= TCP:D:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
    "{023CB726-10CB-4C38-A244-52A43DB35078}"= UDP:D:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
    "{252E316B-F8D7-488D-8C92-42795693AE69}"= TCP:D:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
    "{8356EF30-24EA-4D65-A4E8-C20A68023190}"= UDP:D:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
    "{CD0123BC-D732-453B-8639-294AF3C872F6}"= TCP:D:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
    "TCP Query User{B777E5C1-839B-4EBA-9AA0-D8EECE342802}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
    "UDP Query User{C7D75F8D-697B-4875-B11F-540BCCD47CE6}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
    "TCP Query User{6D92EAA2-9479-4B3F-9EFA-FC661FEA026D}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{50025100-3422-42CE-AE1C-95190459AB21}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{59ECDE92-791F-47DB-91D5-9CB6E1E5A139}"= UDP:C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
    "{224249B5-225F-4DFC-8D20-1F66233EDAC5}"= TCP:C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
    "{12A62F50-14F6-432B-B0CE-1AE1DDB12DA3}"= UDP:C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
    "{DE1C4950-CF1F-47B8-8464-9766C8FE34F1}"= TCP:C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
    "TCP Query User{8B2DF5F6-09DD-44AC-8DC0-CCC0DCF90FE9}D:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:D:\program files\codemasters\dirt\dirt.exe:DiRT Executable
    "UDP Query User{30B304EA-058C-4ACE-9DDB-CCFE4F829ABF}D:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:D:\program files\codemasters\dirt\dirt.exe:DiRT Executable
    "{36CFA520-FBC5-4C37-9AF3-F076142237AD}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{B99C02C9-E0C7-4914-AC92-585CFF0B5694}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{82FC51D6-335C-4B76-A372-EE5220FFE88E}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{7782D913-B7C8-4900-8F7C-64D6A40D83C4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{ADFC0B02-4FA9-4530-9DA5-AFD07C2E3A01}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{C6C13B81-A2B7-473A-9FB2-21728F88AD43}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{B92FCB5C-906C-4A5B-B2EF-18FE828B0FE9}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "{2DA5F21B-76B2-4B11-AE78-BDF3B5E1A5FC}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "{6E2AB6A9-556A-41BA-B226-6BE42875D6B5}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "TCP Query User{F3AC364A-B1C9-4B0D-A7F7-E87929866464}D:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:D:\program files\codemasters\dirt\dirt.exe:DiRT Executable
    "UDP Query User{35151442-1685-4C1A-8058-6DADB0F21EFB}D:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:D:\program files\codemasters\dirt\dirt.exe:DiRT Executable
    "{EBD38F4C-E58A-4AEA-9927-7B51539D5501}"= UDP:D:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:Football Manager 2009
    "{0BD2E89B-1C6D-4E45-88C8-675F19151A8B}"= TCP:D:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:Football Manager 2009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "DoNotAllowExceptions"= 0 (0x0)

    R0 AlfaFF;AlfaFF File System mini-filter;C:\Windows\system32\Drivers\AlfaFF.sys [2008-07-29 21:34:42 43184]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};\??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-29 21:54:11 61424]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" [2008-03-03 16:11:14 16384]
    R2 CLHNService;CLHNService;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-07-29 21:56:00 81504]
    R2 EPGService;EPGService;C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2008-08-31 21:40:21 436224]
    R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2001-01-08 14:14:45 24576]
    R2 IGBASVC;iGroupTec Service;C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2008-07-29 21:34:46 3520512]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 01:42:24 50424]
    R2 NTIPPKernel;NTIPPKernel;\??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-07-29 21:56:01 122368]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 06:03:14 131072]
    R2 RS_Service;Raw Socket Service;C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-07-29 21:57:16 233472]
    R2 vfsFPService;Validity Fingerprint Service;C:\Windows\system32\vfsFPService.exe [2008-05-26 07:43:58 599344]
    R3 e4usbaw;USB ADSL2 WAN Adapter;C:\Windows\system32\DRIVERS\e4usbaw.sys [2008-12-01 15:02:02 104344]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2008-07-29 21:41:25 54784]
    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-09-23 19:15:00 48128]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 10:37:40 3666432]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-07-09 15:26:16 43040]
    R3 vfs101x;vfs101x;C:\Windows\system32\drivers\vfs101x.sys [2008-05-26 07:44:14 40752]
    S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\Windows\system32\Drivers\e4ldr.sys [2008-12-01 15:02:01 69656]
    S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 15:42:56 64000]
    S3 hcw66xxx;WinTV HVR-900H;C:\Windows\system32\Drivers\hcw66xxx.sys [2008-08-31 21:26:38 418304]
    S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys [2001-01-08 14:14:10 85136]
    S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-11-17 11:05:32 195752]
    S4 AutoSyncService;Memeo AutoSync service;"C:\Program Files\Memeo\AutoSync\MemeoService.exe" [2007-07-06 20:28:44 31768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34ad80ce-7dd3-11dd-a55a-00a0d1a94401}]
    \shell\AutoRun\command - E:\setup.exe
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-eRecoveryService - (no file)
    0
  10. vince76
     
    win32.rtk is still present, I need help... Please. Thanks in advance.
    vince76
    0